Search icon


14th Jul 2022

Bank of Ireland warns customers about new scam involving one time passcodes

Stephen Porzio

The bank has reported a 50% increase in smishing fraud cases in the last month.

Bank of Ireland has warned its customers about a “new wave of smishing scams” after a recent spike in fraudster activity.

The bank says the new fraudulent text messages in circulation see scammers using customers’ card details to set up Apple and Google Pay.

As part of these, a customer receives a fake text purportedly from a delivery service such as An Post or Government agencies like HSE or Revenue.

Examples of such texts include: “Your parcel is ready for delivery. Please pay the outstanding charge on this link —-” or “You’ve been a close contact of someone with Covid. Please follow the instructions here to order a test —–“.

If the customer clicks the link, they are brought to a fake website and are asked to give some personal information and their credit or debit card number.

And if they provide these details, the fraudster will do one or two things.

They will use the customer’s card details to set up Apple Pay or Google Pay.

The customer will then get a genuine one time passcode from Bank of Ireland to confirm the Apple Pay or Google Pay set up, which they are prompted to give to the fraudster on the phishing website.

Or, based on the card number the customer has given, the fraudster will direct the customer to a spoofed online banking login page.

There, the customer gives their online banking login details and then gets a genuine one time passcode to set up online banking on a new device.

The customer gives that code away on the phishing website, which allows the fraudster to set up online banking and make payments from the customer’s account.

Where customers have stopped part of the way through these scams, they may then get a phone call from the scammer claiming to be from Bank of Ireland in an attempt to get the customer’s banking details and the one time passcode.

Those calls will often look like they are coming from genuine Bank of Ireland numbers as the fraudster can spoof the number that appears in people’s display.

During the last month, the number of smishing cases detected by Bank of Ireland’s Fraud Prevention team has increased by around 50% since the introduction of these tactics.

As a result, the bank’s advice to customers in response to the current activity is as follows:

  • Do not click on links or respond to any SMS text messages which are designed to appear as if sent by the bank or other businesses and service providers.
  • Remember that Bank of Ireland will never send you a text with a link to a website that asks you for your online banking login details or any one time passcodes that its sent to you.
  • Do not share your one time passcode to set up Apple and Google Pay on your card with anyone even if the person advises they are from Bank of Ireland
  • If you get a suspicious text, email a screenshot of the text to [email protected] and then delete the text.
  • If you think you may have given away any of your banking details, call the bank’s 24/7 Freephone line 1800 946 764 immediately.

“Fraudsters tend to use a range of tactics that have been the subject of regular warnings for some time,” Bank of Ireland Head of Fraud Edel McDermott said in a statement.

“When a new variation on a familiar theme crops up, this is a cause for real concern, and we are warning customers to be extra vigilant.

“Text messages appearing to be from third parties like delivery companies or Government agencies should be treated with caution and verified accordingly.

“Following fraudulent links in these texts is leading to customers disclosing card details, and then having Apple or Google Pay set up on their card, generating a genuine one time passcode from their bank.

“When this Passcode is then disclosed, this allows fraudsters full access to the customers’ account. Customers should never share this Passcode with anyone, even if they say they are from Bank of Ireland.”

For more advice and information on fraud, visit Bank of Ireland’s website here or the Fraudsmart website.

LISTEN: You Must Be Jokin’ with Aideen McQueen – Faith healers, Coolock craic and Gigging as Gaeilge


Home News